Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-44930 | OS Command Injection vulnerability in Dlink Dhp-W310Av Firmware 3.10Eu D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | 9.8 |
| 2022-12-02 | CVE-2022-43325 | OS Command Injection vulnerability in Telosalliance Omnia MPX Node Firmware 1.3.35/1.3.37 An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. | 9.8 |
| 2022-12-02 | CVE-2022-44928 | OS Command Injection vulnerability in D-Link Dvg-G5402Sp Firmware Ge1.03 D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | 9.8 |
| 2022-12-01 | CVE-2022-3226 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. | 7.2 |
| 2022-12-01 | CVE-2022-4257 | OS Command Injection vulnerability in Cdatatec C-Data web Management System A vulnerability was found in C-DATA Web Management System. | 9.8 |
| 2022-12-01 | CVE-2022-4221 | OS Command Injection vulnerability in Asus Nas-M25 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | 9.8 |
| 2022-12-01 | CVE-2022-45045 | OS Command Injection vulnerability in Xiongmaitech products Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. | 8.8 |
| 2022-11-30 | CVE-2021-4242 | OS Command Injection vulnerability in Sapido products A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. | 8.8 |
| 2022-11-30 | CVE-2022-22984 | OS Command Injection vulnerability in Snyk products The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | 6.3 |
| 2022-11-30 | CVE-2022-24441 | OS Command Injection vulnerability in Snyk Security The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. | 8.8 |